[Users] error from RkHunter and ChkRootKit

Markus Hardiyanto informatics2k1 at yahoo.com
Mon May 7 22:40:28 EDT 2007


I install RkHunter and ChkRootKit inside VE. the VE is using Centos 4.4 minimal installation. i download the Centos image from the list on OpenVZ Wiki.
here is the error that i got:

from RkHunter:

Performing 'known good' check...
/bin/kill  [ BAD ]
/sbin/insmod  [ BAD ]
/sbin/lsmod  [ BAD ]
/sbin/modprobe  [ BAD ]
/usr/bin/file  [ BAD ]
--------------------------------------------------------------------------------
Rootkit Hunter has found some bad or unknown hashes. This can happen due to replaced
binaries or updated packages (which give other hashes). Be sure your hashes are
up-to-date (rkhunter --update). If you're in doubt about these hashes, contact
us through the Rootkit Hunter mailinglist at rkhunter-users at lists.sourceforge.net.
--------------------------------------------------------------------------------

is this false positives??


from ChkRootKit:
Checking `lkm'... You have    74 process hidden for readdir command
chkproc: Warning: Possible LKM Trojan installed


note that this VPS is a fresh install, how come there is several errors above?



 
Best Regards,
Markus



Send instant messages to your online friends http://uk.messenger.yahoo.com 


More information about the Users mailing list